May-11-2006 02:27pm From-KATTENMUCHI N1 5REPT 2129407049 T-593 P. 005/017 F-641



AMENDMENTS TO THE CLAIMS:

1. (original): A communication network system having a central management device 
and a plurality of local area network systems, said central management device and said plurality 
of local area network systems being connected to each other, each of the plurality of local area 
network systems having a router and a terminal which are connected to each other via a local 
area network, 

said central management device comprising: 

a management database for storing at least one common key, each public key 
assigned to each router and a public key assigned to the central management device; and 

a central-side encryption unit for encrypting the common key by using each 
public key assigned to each router, and sending the encrypted common key to each router; 
said router comprising: 

a first router-side decryption unit for decrypting the encrypted common key sent 
from said center-side encryption unit by using a secret key of the router; 

a storage unit for storing the common key after decryption by said first router-side 
decryption unit; and 

a router-side encryption unit for encrypting communication data to be sent from a 
first source terminal in a local area network system of the router to a first destination terminal in 
another local area network system, or communication data to be sent from the router to the 
central management device, by using the common key stored in said storage unit, and sending 
the encrypted communication data to another local area network or the central management 
device. 

2. (original): The communication network system according to claim 1, wherein 

said central-side encryption unit encrypts the public keys and sends said 
encrypted public keys to each router, 

said first router-side decryption unit decrypts the encrypted public keys sent from 
the central-side encryption unit by using the secret key of the router, 

said storage unit stores the public keys after decryption by said first router-side 
decryption unit, and 

said router-side encryption unit selects the public key for a router of another local 
area network system or the central management device to be a destination from the public keys 
stored in the storage unit, encrypts the common key by using the selected public key, and sends 
the encrypted common key to another local area network or the central management device, 
together with the encrypted communication data. 

3. (original): The communication network system according to claim 1, wherein 

said management database further stores secret concealment terminal data 
indicating a combination of one terminal in one of the plurality of local area network systems 
and another terminal in another of the plurality of local area network systems, data 
communicated between one and another terminals of said combination being required to be 
encrypted; 

said central-side encryption unit encrypts the secret concealment terminal data by 
using each public key assigned to each router, and sends the encrypted secret concealment 
terminal data to each router, 

said first router-side decryption unit decrypts the encrypted secret concealment 
terminal data sent by the central-side encryption unit by using the secret key of the router, 

said storage unit stores the secret concealment terminal data after decryption, and 
said router-side encryption unit encrypts the communication data if the 
combination of the first source terminal and the first destination terminal is contained in the 
secret concealment terminal data. 

4. (original): The communication network system according to claim 1, wherein said 
router further comprises: 

a second router-side decryption unit for decrypting data sent from a second source 
terminal in another local area network system to a second destination terminal in the local area 
network system of the router, and sending the data after decryption to said second destination 
terminal. 

5. (original): The communication network system according to claim 4, wherein 

said management database further stores secret concealment terminal data 
indicating a combination of one terminal in one of the plurality of local area network systems 
and another terminal in another of the plurality of local area network systems, data 
communicated between one and another terminals of said combination being required to be 
encrypted, 

said central-side encryption unit encrypts said secret concealment terminal data by 
using each public key assigned to each router, and sends the encrypted secret concealment 
terminal data to each router, 

said first router-side decryption unit decrypts the encrypted secret concealment 
terminal data sent by the central side encryption unit, by using the secret key of the router, 

said storage unit stores the secret concealment terminal data after decryption, and 
said second router-side decryption unit decrypts the communication data if the 
combination of the second source terminal and the second destination terminal is contained in the 
secret concealment terminal data. 

6. (original): The communication network system according to claim 1, wherein 

if the common key stored in the management database is updated, said central-side 
encryption unit encrypts the updated common key and sends the updated and encrypted 
common key, and said first router-side decryption unit decrypts the updated and encrypted 
common key, and said storage unit substitutes the already stored common key by the updated 
common key after decryption, for storage. 

7. (original): The communication network system according to claim 2, wherein 

if the public key stored in the management database is updated, said central-side 
encryption unit encrypts the updated public key and sends the updated and encrypted public key, 
and said first router-side decryption unit decrypts the updated and encrypted public key, and said 
storage unit substitutes the already stored public key by the updated public key after decryption, 
for storage. 

8. (original): The communication network system according to claim 3, wherein 

if said secret concealment terminal data stored in the management database is 
updated, said central-side encryption unit encrypts the updated secret concealment terminal data 
and sends the updated and encrypted secret concealment terminal data, and said first router-side 
decryption unit decrypts the updated and encrypted secret concealment terminal data, and said 
storage unit substitutes the already stored secret concealment terminal data by the updated secret 
concealment terminal data after decryption, for storage. 

9. (currently amended): The communication network system according to claim 5, 
wherein 

if said secret concealment terminal data stored in the management database is 
updated, said central-side encryption unit encrypts the updated secret concealment terminal data 
and sends the updated and encrypted secret concealment terminal data, and said first router-side 
decryption unit decrypts the updated and encrypted secret concealment terminal data, and said 
storage unit substitutes the already stored secret concealment terminal data by the updated secret 
concealment terminal data after decryption doo fl ypcion , for storage, 

10. (original): A communication method in a communication network system having a 
central management device and a plurality of local area network systems, said central 
management device and said plurality of local area network systems being connected to each 
other, each of the plurality of local area network systems having a router and a terminal which 
are connected to each other via a local area network, comprising steps of: 

in said central management device, 

encrypting at least one common key stored in a management database in advance 
by using each public key assigned to each router, each public key being stored in said 
management database in advance; and 

sending the encrypted common key to each router; and 
in said router, 

decrypting the encrypted common key sent from the central management device 
by using a secret key of the router; 

encrypting communication data to be sent from a source terminal in a local area 
network system of the router to a destination terminal to another local area network system, or 
communication data to be sent from the router to the central management device by using the 
common key; and 

sending the encrypted communication data to another local area network or the 
central management device. 

11. (original): A router disposed in each of a plurality of local area network systems 
which are connected to a central management device, the router being connected via a local area 
network to a terminal disposed in each of the plurality of local area network systems, the router 
comprising: 

a decryption unit for decrypting an encrypted common key sent from said central 
management device, by using a secret key for said router, said common key being encrypted by 
using a public key for the router; 

a storage unit for storing said common key after decryption by said decryption 
unit; and 

an encryption unit for encrypting communication data to be sent from a source 
terminal in a local area network system of said router to a destination terminal in another local 
area network system, or communication data to be sent from said router to the central 
management device, by using the common key stored in said storage unit, and sending the 
encrypted communication data to another local area network or the central management device. 

12. (original): A communication method of a router in each of a plurality of local area 
network systems which are connected to a central management device, said router being 
connected to a terminal via a local area network, comprising steps of: 

decrypting an encrypted common key sent from said central management device 
by using a secret key for said router, said common key being encrypted by using a public key for 
said router, 

storing the common key after decryption in a storage unit in the router; 

encrypting communication data to be sent from a source terminal in a local area 
network system of the router to a destination terminal in another local area network system, or 
communication data to be sent from the router to the central management device, by using the 
common key stored in the storage unit; and 

sending the encrypted communication data to another local area network or to the 
central management device. 

13. (original): A program product executed by a router disposed in each of a plurality of 
local area network systems which are connected to a central management device, the router 
being connected via a local area network to a terminal disposed in each of the plurality of local 
area network systems, said program product comprising steps of: 

decrypting an encrypted common key sent from the central management device 
by using a secret key of the router, said common key being encrypted by using a public key of 
the router; 

storing said common key after decryption in a storage unit of the router; 

encrypting communication data to be sent from a source terminal in a local area 
network system of the router to a destination terminal in another local area network system, or 
communication data to be sent from the router to the central management device, by using the 
common key stored in the storage unit; and 

sending the encrypted communication data to another local area network or to the 
central management device. 

14. (original): A central management device connected to a plurality of local area 
network systems each having a router and a terminal which are connected to each other through a 
local area network, the central management device comprising: 

a management database for storing at least one common key, each public key 
assigned to each router and a public key assigned to said central management device, said at least 
one common key being used by each router to encrypt communication data to be communicated 
between a terminal of a local area network system and a terminal of another local area network 
system, or between each router and the central management device; and 

an encryption unit for encrypting the common key by using each public key 
assigned to each router, and sending the encrypted common key to each router. 

15. (original): A management method of a central management device connected to a 
plurality of local area network systems each having a router and a terminal which are connected 
to each other through a local area network, the management method comprising steps of: 

storing in a management database and managing at least one common key, each 
public key assigned to each router and a public key assigned to said central management device, 
said at least one common key being used by each router to encrypt communication data to be 
communicated between a terminal in a local area network system and a terminal in another local 
area network system, or between a router and the central management device; 

encrypting the common key by using each public key assigned to each router; and 

sending the encrypted common key to each router. 

16. (original): A program product executed by a computer installed in a central 
management device connected to a plurality of local area network system each having a router 
and a terminal which are connected to each other through a local area network, said program 
product comprising steps of: 

storing in a management database and managing at least one common key, each 
public key assigned to each router and a public key assigned to said central management device, 
said at least one common key being used by each router to encrypt communication data to be 
communicated between a terminal in a local area network system and a terminal in another local 
area network system, or between a router and the central management device; 

encrypting the common key by using each public key assigned to each router; and 

sending the encrypted common key to each router. 